The IT Objection Handler

Let me be clear about something before we start: IT teams aren't the enemy. They're rational actors operating within incentive structures that reward risk mitigation over value creation. Understanding this is the first step to working with them productively.

That said, if you've tried to deploy an AI solution in any organization with more than 200 employees, you've hit The Wall. Here's how to get over it.

The Seven Objections

After working with dozens of organizations on AI implementation, we've cataloged the objections. They're remarkably consistent. Here they are, in the order you'll typically encounter them:

Objection 1: "We need to do a security review"

What they mean: We need to evaluate the risk before approving this.

What you should hear: We don't have a fast-track process for evaluating new AI tools.

The play: Don't fight the security review. Accelerate it. Come to the meeting with:

• A completed security questionnaire (most AI vendors publish these)
• SOC 2 / ISO 27001 certifications from the vendor
• A data flow diagram showing exactly what data touches the AI and where it goes
• A comparison to tools already approved in your environment

The security team's job is to evaluate risk, not to say no. Make their job easy and they'll move fast.

Objection 2: "What about data privacy / PII?"

What they mean: If customer data leaks through an AI tool, we're liable.

What you should hear: This is a legitimate concern that requires a technical solution, not a political one.

The play: Design your implementation to avoid the problem entirely:

• Use data masking or anonymization before sending data to AI models
• Implement the AI in a way that processes data locally when possible
• Use enterprise tiers that provide data isolation guarantees
• Document your data handling in a one-page architecture diagram

The strongest position isn't "trust us, it's fine." It's "here's exactly how we've engineered the privacy risk to zero."

Objection 3: "This isn't on our approved vendor list"

What they mean: Our procurement process wasn't designed for the pace of AI innovation.

What you should hear: We need an exception process, and nobody has created one.

The play: Propose the exception process yourself. Draft a one-page "AI Tool Evaluation Framework" that includes:

• Security requirements (SOC 2, data residency, etc.)
• Privacy requirements (data handling, retention policies)
• Compliance requirements (industry-specific regulations)
• Cost thresholds for different approval levels

Present this to IT not as a way to bypass them, but as a way to make their job more manageable. Most IT leaders will welcome a structured framework over ad-hoc requests.

Objection 4: "We're already working with [Big Vendor] on our AI strategy"

What they mean: We've committed budget and political capital to a platform decision.

What you should hear: There's an incumbent relationship that any new tool threatens.

The play: Don't compete. Complement. Position your initiative as a tactical experiment that feeds data into the strategic platform decision. "We're testing specific use cases so we can give [Big Vendor] better requirements when we're ready to scale."

This works because it's true. Small experiments generate real-world data about what works. That data makes the big platform decision better.

Objection 5: "Who's going to maintain this?"

What they mean: We don't want to own another system that the business builds and then abandons.

What you should hear: This is the most legitimate objection on the list.

The play: Own it. Seriously. The business team that builds the AI solution should maintain the AI solution. Don't throw it over the wall to IT. Budget for ongoing maintenance from day one. Define SLAs. Set up monitoring.

The fastest way to lose IT's trust is to build something cool, hand it off, and disappear. The fastest way to earn it is to say "this is ours to maintain, and here's our plan."

Objection 6: "What about compliance / regulatory requirements?"

What they mean: Our industry has specific rules about how we can use AI, and we're not sure this complies.

What you should hear: Nobody has mapped AI regulations to our specific use cases.

The play: Do the mapping. For your specific use case, identify:

• Which regulations actually apply (many don't)
• What the regulations actually require (often less than people assume)
• How your implementation satisfies those requirements
• What documentation you need to maintain

Bring your legal team in early—not to block the project, but to define the guardrails. Most lawyers are happy to help you find a way forward. They get frustrated when they're asked to rubber-stamp decisions after the fact.

Objection 7: "We need to standardize on a single AI platform"

What they mean: The proliferation of AI tools is making our environment unmanageable.

What you should hear: They're right, and you need to work within that constraint.

The play: Agree with the principle while pushing back on the timing. "Standardization is the right long-term play. Right now, we're still learning which capabilities matter for our business. These experiments will inform that standardization decision."

Then actually deliver on the promise. Document what you learn. Share results. When the standardization decision comes, be the team that has real data, not just opinions.

The Meta-Strategy

Notice what all these plays have in common: they don't circumvent IT. They work with IT by doing the work that IT doesn't have bandwidth to do themselves.

The organizations that move fastest on AI aren't the ones with the most permissive IT departments. They're the ones where the business teams take responsibility for addressing IT's legitimate concerns proactively.

Come with solutions, not complaints. Come with documentation, not demands. Come with a plan for maintenance, not just a plan for launch.

IT will meet you halfway. They usually go further than that.